CVE-2023-28770

2023-04-2709:15:09

CWE-200

[email protected]

web.nvd.nist.gov

cgi export_log

zcmd

zyxel

dx5401-b0

firmware

vulnerability

sensitive info

exposure

remote

unauthenticated

attacker

system files

password

supervisor

encrypted file

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

7.4 High

AI Score

Confidence

High

0.045 Low

EPSS

Percentile

92.5%

JSON

The sensitive information exposure vulnerability in the CGI “Export_Log” and the binary “zcmd” in Zyxel DX5401-B0 firmware versions prior to V5.17(ABYO.1)C0 could allow a remote unauthenticated attacker to read the system files and to retrieve the password of the supervisor from the encrypted file.